我正在尝试在我的网站上启用HTTPS,而我遇到的问题是https网页从https位置导入js / css / fonts / etc,但是浏览器会看到一些(不是全部)这些http链接 .
请参阅JSFiddle上的示例:
<html>
<head>
<!-- This loads correctly as HTTPS content -->
<script type="text/javascript" src="//code.jquery.com/jquery-3.3.1.min.js"></script>
<!-- This is blocked by the browser as Mixed Active Content, even though the page scheme is https -->
<script type="text/javascript" src="//highcharts.com/highslide/highslide-full.min.js"></script>
<!-- Explicitly setting `https` does not change the result -- it still considers this `http` -->
<script type="text/javascript" src="https://highcharts.com/highslide/highslide-full.min.js"></script>
</head>
<body>
<p>Lorem ipsum</p>
</body>
</html>
到底是怎么回事?问题来自源头吗?为什么浏览器会随意用http取代https?它从缓存中拉出来了吗? (我尝试过使用Ctrl-F5;有没有更好的方法来排除这种情况?为什么它也不会以同样的方式缓存JQuery?)
这看起来与How to fix "Blocked loading mixed active content" for css and js over https是同一个问题,但那里接受的解决方案没有帮助 . 它's difficult to find other related questions because everything I see seems to just be explaining super-basic Mixed Active Content – that you can'在同一页面中同时使用http和https,我已经理解了 .